In a conversation on Twitter yesterday, Daniel Jalkut, of Red Sweater Software, asked whether there was a way to find out what entitlements a sandboxed app has. Brian Webster, of Fat Cat Software, shared the solution. Apparently, this command provides the information:

codesign -dvvv --entitlements - /path/to/app

(Replace "/path/to/app" with the path to the application.)

Not being a developer, I don't know exactly what this all means, but to those readers who are developers, this may be useful.

The entitlements are the rigorous list of specifically which non-sandboxed capabilities a sandboxed app has been granted. So while it's probably more decipherable to a developer, it could also be useful to power users who want to know "just how sandboxed" an app really is.